Lucene search
K
WpexploitMost viewed

4359 matches found

wpexploit
wpexploit
added 2023/09/25 12:0 a.m.154 views

User Avatar - Reloaded < 1.2.2 - Contributor+ Stored XSS

Description The plugin does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks. As a Contributor+ create a new post and add one of the following shortcode. avatar user="admin"...

5.4CVSS5.4AI score0.00394EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/06/26 12:0 a.m.154 views

Membership Plugin - Restrict Content < 3.2.3 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged-in admin open a page containing the HTML code below. "/...

6.1CVSS5.8AI score0.0042EPSS
Exploits2
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.154 views

WP ERP < 1.12.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the employeename parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. As an admin user, visit the following URL on the site:...

6.1CVSS5.7AI score0.00486EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/23 12:0 a.m.154 views

Ultimate Dashboard < 3.7.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Ultimate Dashboard - Settings - General"...

4.8CVSS5.4AI score0.0047EPSS
Exploits2
wpexploit
wpexploit
added 2023/04/20 12:0 a.m.154 views

ActiveCampaign < 8.1.12 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, add a "AC Forms" Gutenberg block to a...

5.4CVSS7.8AI score0.00462EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/24 12:0 a.m.154 views

Store Locator WordPress < 1.4.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS1.6AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/11/22 12:0 a.m.154 views

Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks As a contributor, put, the following shortcode in a page/post flowplayer src='...

5.4CVSS0.9AI score0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/06 12:0 a.m.154 views

miniOrange's Malware Scanner < 4.5.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup Put the following payload in the...

4.8CVSS0.8AI score0.00548EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/01 12:0 a.m.154 views

New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF

The plugin does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes for bypassing the provided restrictions and to change plugin settings by tricking admin users into visiting specially crafted websites. Add code...

4.3CVSS2AI score0.00367EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/19 12:0 a.m.154 views

Advanced Image Sitemap <= 1.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the PHPSELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. https://example.com/wp-admin/options-general.php/%22%3E%3Csvg/onload=alert/xss/%3E?page=ais...

6.1CVSS1.3AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/28 12:0 a.m.154 views

Easy Digital Downloads < 2.11.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed Create/edit a Download and put the following payload in the File Name field: Download the...

4.8CVSS0.3AI score0.0065EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/09/16 12:0 a.m.154 views

BulletProof Security < 5.2 - Sensitive Information Disclosure

The plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files...

5.3CVSS1.5AI score0.7233EPSS
Exploits7References2
wpexploit
wpexploit
added 2021/08/22 12:0 a.m.154 views

Responsive 3D Slider <= 1.2 - Authenticated SQL Injection

The Add new scene functionality in the plugin uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 secon...

7.2CVSS0.6AI score0.01467EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.154 views

SEOPress 5.0.0 – 5.0.3 - Authenticated Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the /src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $outp...

6.4CVSS0.9AI score0.00651EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/07/23 12:0 a.m.154 views

Cashtomer <= 1.0.0 - Authenticated SQL Injection

An editid GET parameter of the plugin is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=add-social-point&id=facebookshare&editid=-9677%20UNION%20ALL%20SELECT%20NULL,NULL,user,NULL,NULL-- HTTP/1.1...

6.5CVSS1.1AI score0.01568EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/29 12:0 a.m.154 views

WP Offload SES Lite < 1.4.5 - Stored Cross-Site Scripting (XSS)

The plugin did not escape some of the fields in the Activity page of the admin dashboard, such as the email's id, subject and recipient, which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields, like the subject when filling a contact form for exampl...

5.4CVSS0.3AI score0.00681EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/11 12:0 a.m.154 views

Welcart e-Commerce < 2.2.4 - Cross-Site Scripting (XSS)

The plugin did not sanitise or validate the orderid parameter before outputting in the page of the admin dashboard, leading to a reflected Cross-Site Scripting issue http://wp.lab/wordpress/wp-admin/admin.php?page=uscesorderlist&orderaction=edit&orderid=1"alert/XSS/...

6.1CVSS0.4AI score0.01044EPSS
Exploits1References1
wpexploit
wpexploit
added 2024/05/31 12:0 a.m.153 views

Google CSE <= 1.0.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...

5.6AI score0.00255EPSS
Exploits2
wpexploit
wpexploit
added 2024/04/24 12:0 a.m.153 views

Base64 Encoder/Decoder <= 0.9.2 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below...

6AI score0.00741EPSS
Exploits2
wpexploit
wpexploit
added 2024/01/03 12:0 a.m.153 views

WP Social Bookmark Menu <= 1.2 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. document.forms0.submit;...

8.8CVSS9.4AI score0.00329EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/01/03 12:0 a.m.153 views

Site Notes <= 2.0.0 - Admin Note Deletion via CSRF

Description The plugin does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks Have an administrator open the following HTML file:...

4.3CVSS6.8AI score0.00218EPSS
Exploits2
wpexploit
wpexploit
added 2023/12/08 12:0 a.m.153 views

PayHere Payment Gateway < 2.2.12 - Unauthenticated Log Data Disclosure

Description The plugin automatically creates publicly-accessible log files containing sensitive information when transactions occur. https://www.suppliment.lk/wp-content/uploads/payhere-logs/?SD https://www.medic.lk/wp-content/uploads/payhere-logs/?SD...

7.5CVSS6.4AI score0.00726EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/09 12:0 a.m.153 views

EventPrime < 3.2.0 - Reflected HTML Injection on keyword parameter

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website. Insert '"Clickme! on the keyword search field or directly on the link...

6.1CVSS6.5AI score0.0042EPSS
Exploits2
wpexploit
wpexploit
added 2023/10/05 12:0 a.m.153 views

Newsletter Lite < 4.9.3 - Admin+ Command Injection

Description The plugin does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server. 1 Navigate to "Newsletters Configuration History & Emails Configuration"...

7.2CVSS7.5AI score0.00963EPSS
Exploits2
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.153 views

PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS

Description The plugin does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin. Add the following payload to the Media URL field:...

5.4CVSS7.1AI score0.00403EPSS
Exploits2
wpexploit
wpexploit
added 2023/08/21 12:0 a.m.153 views

Min Max Control < 4.6 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. alert1'...

6.1CVSS6.1AI score0.00396EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/10 12:0 a.m.153 views

Short URL < 1.6.5 - Admin+ Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. In the plugin settings, add the POC alert1 to the...

6.1AI score0.00429EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/03 12:0 a.m.153 views

Login/Signup Popup < 2.4 - Settings Reset via CSRF

The plugin does not have CSRF check when reseting its settings, which could allow attackers to make logged in admins perform such action via a CSRF attack Make a logged in admin open https://example.com/wp-admin/admin.php?page=easy-login-woocommerce-settings&reset=yes...

6.8AI score
Exploits0
wpexploit
wpexploit
added 2023/06/26 12:0 a.m.153 views

Login Configurator <= 2.1 - Reflected Cross-Site Scripting

The plugin does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators. Visit the following path:...

6.1CVSS8.5AI score0.00673EPSS
Exploits3
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.153 views

KiviCare Management System < 3.2.1 - Subscriber+ Sensitive Information Disclosure

The plugin does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users Run the below command in the developer console of the web...

6.5CVSS9AI score0.00754EPSS
Exploits2
wpexploit
wpexploit
added 2023/05/10 12:0 a.m.153 views

Seo By 10Web < 1.2.7 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to SEO by 10Web » Sitemap section. 2. And n...

4.8CVSS8.4AI score0.00909EPSS
Exploits3
wpexploit
wpexploit
added 2023/04/05 12:0 a.m.153 views

Site Reviews < 6.7.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Login as Admin. 2. Go to...

4.8CVSS8.8AI score0.00501EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.153 views

NEX-Forms < 8.3.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 1. Add a form 2. Insert the following payloa...

5.4CVSS5.6AI score0.00503EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/04 12:0 a.m.153 views

Pricing Tables WordPress Plugin – Easy Pricing Tables < 3.2.3 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Note: Enable compatibility mode by going to the settings of the plugins. Exploit shortcode: easy-pricing-toggle...

5.4CVSS0.00471EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.153 views

WP Maintenance Mode & Coming Soon < 2.4.5 - Subscribed Users Deletion via CSRF

The plugin is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack document.getElementById"test".submit;...

6.5CVSS1.7AI score0.00449EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/10 12:0 a.m.153 views

Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import

The plugin does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. - Make a test form and then export it to your system. - Edit the file and enter an XSS payload like "img src=x...

4.8CVSS0.9AI score0.00552EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.153 views

Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls

The plugin does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as...

8.8CVSS8.7AI score0.01263EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.153 views

One Click Plugin Updater <= 2.4.14 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check. document.getElementById"test".submit;...

8.1CVSS1.2AI score0.00517EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/31 12:0 a.m.153 views

ThirstyAffiliates Affiliate Link Manager < 3.10.5 - Subscriber+ Arbitrary Affiliate Links Creation

The plugin does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website fetch"/wp-admin/admin-ajax.php", "headers":...

5.4CVSS1.7AI score0.00303EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.153 views

Contact Form Advanced Database <= 1.0.8 - Unauthorised AJAX Calls

The plugin does not have any authorisation as well as CSRF checks in its deletecf7data and exportcf7data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscriber to call them. The deletecf7data would lead to arbitrary metadata deletion, as well ...

4.3CVSS5.6AI score0.0037EPSS
Exploits2
wpexploit
wpexploit
added 2021/10/18 12:0 a.m.153 views

Shared Files < 1.6.61 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the Download Counter Text settings and tick the Show Downlo...

4.8CVSS4.8AI score0.00647EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/06/07 12:0 a.m.153 views

WordPress Popular Posts < 5.3.3 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not properly sanitise or escape its Default Thumbnail setting before outputting back in the page, leading to a stored Cross-Site Scripting issue POST /wp-admin/options-general.php?page=wordpress-popular-posts&tab=tools HTTP/1.1 Accept:...

5.4CVSS0.6AI score0.01442EPSS
Exploits1References2
wpexploit
wpexploit
added 2021/05/31 12:0 a.m.153 views

WP Config File Editor <= 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)

The WP Config File Editor WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS vulnerability. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesse...

5.4CVSS0.5AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/02 12:0 a.m.152 views

CAS <= 1.0.0 - Unauthenticated Arbitrary File Access

Description This plugin does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server https://example.com/wp-content/themes/cas/download.php?path=...

7AI score0.00719EPSS
Exploits1
wpexploit
wpexploit
added 2024/04/24 12:0 a.m.152 views

WP Prayer <= 2.0.9 - Arbitrary Prayer Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Make and admin open a URL where is any valid prayer ID: https://example.com/wp-admin/admin.php?page=wpemanageprayer&doaction=delete&prayer...

6.8AI score0.00189EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.152 views

Super Socializer < 7.13.64 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed When creating a new widget, insert the following payload in the "FaceBook URL" field -...

6AI score0.005EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/18 12:0 a.m.152 views

WPB Show Core < 2.7 - Reflected XSS

Description The plugin does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting Open an HTML file containing the following: alert/XSS/' / var form1 = document.getElementById'hack'; form1.submit...

6.7AI score0.00499EPSS
Exploits2
wpexploit
wpexploit
added 2024/03/07 12:0 a.m.152 views

Pz-LinkCard < 2.5.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Put the following payload in the "Class ID to be Added for PC" setting of the plugin...

8.6AI score0.00467EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/02/21 12:0 a.m.152 views

Widget for Social Page Feeds < 6.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Create a new Facebook like widget. ...

7.3AI score0.00396EPSS
Exploits2References1
wpexploit
wpexploit
added 2024/01/23 12:0 a.m.152 views

Better Follow Button for Jetpack <= 8.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Navigate to:...

7.9AI score0.00255EPSS
Exploits2
Total number of security vulnerabilities4359